4 matches found
CVE-2026-4331
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to unauthorized data loss in all versions up to, and including, 8.8.2. This is due to the resetSocialMetaTags function only verifying that the user has the 'read' capability and a valid b2ssecuritynonce, both o...
EUVD-2023-45125
Malicious code in bioql PyPI...
PT-2024-3150 · WordPress · Blog2Social
Name of the Vulnerable Software and Affected Versions: Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress versions up to, and including, 7.4.2 Description: The issue is related to insufficient protection of sensitive data, allowing unauthenticated attackers to view limited...
CVE-2022-3622
The Blog2Social plugin for WordPress is vulnerable to authorization bypass due to missing capability checks in versions up to, and including, 6.9.11. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to change some plugin settings intended to be...